Lucene search
K

3144 matches found

Github Security Blog
Github Security Blog
added 2022/10/25 7:56 p.m.44 views

Improper Control of Generation of Code ('Code Injection') in Azure CLI

Description In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. For example: Application X is a web application wi...

9.8CVSS10AI score0.03207EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2022/10/25 5:15 p.m.5 views

PYSEC-2022-43177

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...

9.8CVSS7.3AI score0.03207EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2022/10/25 5:15 p.m.17 views

CVE-2022-39327

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...

9.8CVSS0.03207EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2022/10/25 5:15 p.m.41 views

CVE-2022-39327

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...

9.8CVSS7.2AI score0.03207EPSS
Exploits1References4
Prion
Prion
added 2022/10/25 5:15 p.m.17 views

Code injection

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...

7.5CVSS9.7AI score0.03207EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/10/25 5:15 p.m.3 views

UBUNTU-CVE-2022-39327

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...

9.8CVSS7.3AI score0.03207EPSS
Exploits1References5
Microsoft Secure
Microsoft Secure
added 2022/10/25 4:0 p.m.56 views

DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector

In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society. Shifting ransomware payloads over time from BlackCat, QuantumLocker, and Zeppelin,...

4.6CVSS1.4AI score0.07304EPSS
Exploits2
Cvelist
Cvelist
added 2022/10/25 12:0 a.m.37 views

CVE-2022-39327 Improper Control of Generation of Code ('Code Injection') in Azure CLI

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...

8.1CVSS10AI score0.03207EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2022/10/25 12:0 a.m.30 views

CVE-2022-39327

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...

9.8CVSS8.5AI score0.03207EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2022/10/25 12:0 a.m.4 views

CVE-2022-39327 Improper Control of Generation of Code ('Code Injection') in Azure CLI

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...

8.1CVSS7.8AI score0.03207EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/10/25 12:0 a.m.5 views

PT-2022-6012

Name of the Vulnerable Software and Affected Versions Azure CLI versions prior to 2.40.0 Description The vulnerability is related to the Azure CLI's command-line interface for Microsoft Azure, which contains a potential code injection issue in versions prior to 2.40.0. This vulnerability can be...

10CVSS8.4AI score0.03207EPSS
Exploits1References21
OSV
OSV
added 2022/10/25 12:0 a.m.19 views

CVE-2022-39327 Improper Control of Generation of Code ('Code Injection') in Azure CLI

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...

8.1CVSS9.3AI score0.03207EPSS
Exploits1References5
Akamai Blog
Akamai Blog
added 2022/10/24 1:0 p.m.13 views

What’s New for Developers: October 2022

Read about our new Postman collections, the latest Akamai PowerShell release, our improvements to Edge Diagnostics, and how to quickly integrate Linode with Akamai...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/10/21 2:56 p.m.193 views

Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware

A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines. "The attacker intends to utilize a victim's resources as much as possible, not only to install RAR1Ransom for extortion, but also...

10CVSS0.1AI score0.99997EPSS
Exploits40
The Hacker News
The Hacker News
added 2022/10/19 10:9 a.m.64 views

Experts Warn of Stealthy PowerShell Backdoor Disguising as Windows Update

Details have emerged about a previously undocumented and fully undetectable FUD PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process. "The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threa...

2.7AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2022/10/18 6:0 p.m.29 views

Defenders beware: A case for post-ransomware investigations

Ransomware is one of the most pervasive threats that Microsoft Detection and Response Team DART responds to today. The groups behind these attacks continue to add sophistication to their tactics, techniques, and procedures TTPs as most network security postures increase. In this blog, we detail a...

0.1AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2022/10/18 6:0 p.m.28 views

Defenders beware: A case for post-ransomware investigations

Ransomware is one of the most pervasive threats that Microsoft Detection and Response Team DART responds to today. The groups behind these attacks continue to add sophistication to their tactics, techniques, and procedures TTPs as most network security postures increase. In this blog, we detail a...

0.1AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2022/10/17 12:0 a.m.31 views

Microsoft Exchange PowerShell Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the PowerShell endpoint. The issue results from the lack of proper validation of...

8.8CVSS6AI score0.99964EPSS
Exploits11References1
Kitploit
Kitploit
added 2022/10/11 11:30 a.m.25 views

Monkey365 - Tool For Security Consultants To Easily Conduct Not Only Microsoft 365, But Also Azure Subscriptions And Azure Active Directory Security Configuration Reviews

Monkey365 is an Open Source security tool that can be used to easily conduct not only Microsoft 365, but also Azure subscriptions and Azure Active Directory security configuration reviews without the significant overhead of learning tool APIs or complex admin panels from the start. To help with...

7AI score
Exploits0References5
The Hacker News
The Hacker News
added 2022/10/10 1:10 p.m.24 views

New Report Uncovers Emotet's Delivery and Evasion Techniques Used in Recent Attacks

Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control C2 infrastructure to escape detection, according to new research from VMware. Emotet is the work of a threat actor tracked as Mummy Spider aka TA542, emerging in June 2014 as ...

1.7AI score
Exploits0
Rows per page
Query Builder